Chapter 3 Quiz CISS 310
An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:
b. Session hijacking
A user has become compromised as a result of visiting a specific web page, without clicking on any kind of content. What type of attack has occurred?
b. drive-by-download
The default root directory of the Microsoft Internet Information Services (IIS) Web server is located at which directory below?
c. C:\Inetpub\ wwwroot
How can an attacker substitute a DNS address so that a computer is automatically redirected to another device?
c. DNS poisoning
Select below the string of characters that can be used to traverse up one directory level from the root directory:
The correct answer is: ../
What language below is for the transport and storage of data, with the focus on what the data is?
The correct answer is: XML
What language below is designed to display data, with a primary focus on how the data looks?
a. HTML
To what specific directory are users generally restricted to on a web server?
a. root
Attacks that take place against web based services are considered to be what type of attack?
a. server-side
On a compromised computer, you have found that a user without administrative privileges was able to perform a task limited to only administrative accounts. What type of exploit has occurred?
a. Privilege escalation